☐ Verify that the administrative access to the configuration of the device has appropriate security measures (username, strong password, two-step verification).

☐ Verify that the administrative access to the configuration of the device requires strong passwords when configuring users, if security is very important.

☐ Verify that administrative access is more secure than user access

☐ Verify that the administrative configuration allows for logging, security alerts and alarms. For example, logging whenever someone logs in as an administrator, or sending an alert any time a security option is changed.

☐ Verify that there is software to monitor security violations and either log them or send alerts or both. For example, in a Bluetooth mesh network, log any time a non-authenticated device sends a beacon to request provisioning.[1]

Insecure Software / Firmware – Anyone who has access to the device, the device’s network and the device’s update server (OWASP #9 Threat)

☐ Verify that the device has the ability to update remotely. If not, provide a justification to the Director of Development.

☐ Verify that the update file is encrypted at all stages after development.

☐ Verify that the device has the ability to authenticate the update and uses it.

☐ Verify that the update server is itself secure.

☐ Verify that keys used to decrypt the file are not stored in plain text on the device or in the cloud.
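The following is an added example, not part of the original checklist, showing the order of checks a device can apply to satisfy the "authenticate the update and uses it" item: authenticate the manifest, refuse downgrades, then check the image digest. The manifest layout, the function names and `DEMO_KEY` are assumptions made for illustration, and HMAC-SHA256 stands in for a vendor signature so the code runs with the standard library only; encryption of the update file is not shown.

```python
import hashlib
import hmac
import json

# Constructed demo key. A production device would normally verify an
# asymmetric signature with a vendor public key kept in protected storage;
# HMAC-SHA256 is a stand-in here (a shared key would also let a compromised
# device forge updates, which a public-key scheme avoids).
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class UpdateRejected(Exception):
    """Raised when an update package fails any verification step."""


def make_package(image: bytes, version: int, key: bytes) -> dict:
    """Build-server side: bind version and image digest into a tagged manifest."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "image": image}


def verify_package(pkg: dict, installed_version: int, key: bytes) -> int:
    """Device side: return the new version only if every check passes."""
    # 1. Authenticate the raw manifest bytes before parsing or trusting them.
    expected = hmac.new(key, pkg["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        raise UpdateRejected("manifest authentication failed")
    manifest = json.loads(pkg["manifest"])

    # 2. Refuse replays and downgrades to an older (possibly vulnerable) build.
    if manifest["version"] <= installed_version:
        raise UpdateRejected("rollback or replay")

    # 3. The image must match the digest the authenticated manifest commits to.
    digest = hashlib.sha256(pkg["image"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise UpdateRejected("image digest mismatch")
    return manifest["version"]


def check(pkg: dict, installed_version: int, key: bytes = DEMO_KEY) -> str:
    """Convenience wrapper that reports the decision as a string."""
    try:
        return f"accept v{verify_package(pkg, installed_version, key)}"
    except UpdateRejected as err:
        return f"reject: {err}"


if __name__ == "__main__":
    image = b"constructed firmware image, build 5"  # constructed sample input
    good = make_package(image, 5, DEMO_KEY)
    forged = dict(good, manifest=good["manifest"].replace(b'"version": 5', b'"version": 9'))
    cases = {
        "genuine update": (good, 4),
        "image modified in transit": (dict(good, image=image + b"\x00"), 4),
        "manifest edited, old tag": (forged, 4),
        "downgrade attempt": (good, 6),
    }
    for name, (pkg, installed) in cases.items():
        print(f"{name}: {check(pkg, installed)}")
```
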

Cypress Semiconductor has announced that Pioneer has integrated Cypress’ Wi-Fi and Bluetooth Combo solution into its flagship in-dash navigation AV receiver. The solution enables passengers to display and use their smartphone’s apps on the receiver’s screen via Apple CarPlay or Android Auto, which provide the ability to use smartphone voice recognition to search for information or respond to text messages. The Cypress Wi-Fi and Bluetooth combo solution uses Real Simultaneous Dual Band (RSDB) technology so that Apple CarPlay and Android Auto can operate concurrently without degradation caused by switching back and forth between bands.

The Pioneer AVH-W8400NEX receiver uses Cypress’ CYW89359 combo solution, which includes an advanced coexistence engine that enables optimal performance for dual-band 2.4-GHz and 5-GHz 802.11ac Wi-Fi and dual-mode Bluetooth/Bluetooth Low Energy (BLE) simultaneously for superior multimedia experiences. The CYW89359’s RSDB architecture enables two unique data streams to run at full throughput simultaneously by integrating two complete Wi-Fi subsystems into a single chip.

The CYW89359 is fully automotive qualified with AEC-Q100 grade-3 validation and is being designed in by numerous top-tier car OEMs and automotive suppliers as a full in-vehicle connectivity solution, supporting infotainment and telematics applications such as smartphone screen-mirroring, content streaming and Bluetooth voice connectivity in car kits.

Raspberry Pi Trading has launched a $20 Power-over-Ethernet HAT board for the Raspberry Pi 3 Model B+ that delivers up to 15W and ships with a small fan. The Power-over-Ethernet HAT that was promised with the release of the Raspberry Pi 3 Model B+ SBC has arrived. The $20, 802.3af-compliant “Raspberry Pi PoE HAT” allows delivery of up to 15W over the RPi 3 B+’s USB-based GbE port without reducing the port’s up to 300Mbps bandwidth.

We’ve seen an increase in the use of PoE in embedded equipment over the last year, perhaps due to the growth in IoT applications in which embedded gear must be placed in remote locations. It’s cheaper and easier to run Ethernet cable to a remote device than to extend electrical lines.

With the help of the RPi 3 B+’s improved PXE boot function, which enables network booting, “you can now dispense with not only the power supply but also the SD Card, making deployment even cheaper for a Raspberry Pi based system in your factory or workplace,” writes Roger Thornton in the Raspberry Pi blog announcement.

The Raspberry Pi PoE HAT features a fully isolated switched-mode power supply with 37-57V DC, Class 2 input and 5V/2.5A DC output. The HAT connects to both the 40-pin header and a new PoE-specific 4-pin header introduced with the B+ located near the USB ports. To enable PoE, you need power sourcing equipment, which is either “provided by your network switch or with power injectors on an Ethernet cable,” writes Thornton.

Raspberry Pi PoE HAT with RPi 3 B+ (left) and close-up of 4-pin header on B+ between the USB ports and the 40-pin GPIO header

The PoE HAT ships with a 25 x 25mm brushless fan for cooling the Broadcom SoC. This does not appear to be due to any additional heat generated by PoE. Instead: “We see the product as a useful component for people building systems that may be in tougher environments,” writes Thornton.

The fan is connected via I2C and controlled with an Atmel MCU chip. This setup turns on the fan automatically when the SBC hits a certain temperature threshold, a trick that requires the latest sudo rpi-update firmware.

You can add another HAT board on top of the fan with the help of some pass-through headers for the 40-pin GPIO and the 4-way header to expose the pins on the other side of the PoE HAT. Raspberry Pi Trading recommends the 2×20 pin header from Pimoroni and 4-way risers from RS and element14.

The Raspberry Pi 3 Model B+ won LinuxGizmos’ reader survey of 116 Linux/Android hacker boards. The community-backed SBC builds upon the RPi 3 Model B design with a faster, up to 1.4GHz quad-core Broadcom SoC, as well as faster Ethernet (GbE). You also get various power management improvements and faster dual-band 802.11ac and Bluetooth 4.2, which comes in a pre-certified, shielded module.

Further information

The Raspberry Pi PoE HAT is available now for $20 at a variety of resellers. The blog announcement may be found here. The product page with links to resellers is here.

Congatec has announced the conga-SMX8, the company’s first SMARC 2.0 Computer-on-Module based on the 64-bit NXP i.MX8 multi-core Arm processor family. The Arm Cortex-A53/A72 based conga-SMX8 provides high-performance multi-core computing along with extended graphics capabilities for up to three independent 1080p displays or a single 4K screen. Further benefits of this native industrial-grade platform include hardware-based real-time and hypervisor support along with broad scalability as well as resistance against harsh environments and extended temperature ranges. The SMARC 2.0 module is designed to meet the recent performance and feature set needs for low power embedded, industrial and IoT as well as the new mobility sector.

The new SMARC 2.0 modules with NXP i.MX8 processors, hardware based virtualization and resource partitioning are well suited for a wide range of stationary and mobile industrial applications including real-time robotics and motion controls. Since the modules are qualified for the extended ambient temperature range from -40°C to +85°C, they can also be used in fleet systems for commercial vehicles or infotainment applications in cabs, buses and trains as well as new electric and autonomous vehicles.

The new conga-SMX8 modules feature up to 8 cores (2x A72 + 4x A53 + 2x M4F), up to 8 GByte of LPDDR4 MLC or pseudo SLC memory and up to 64 GByte of non-volatile memory on the module. The extraordinary interface set includes 2x GbE including optional IEEE1588 compliant precision clock synchronization, up to 6x USB including 1x USB 3.1, up to 2x PCIe Gen 3.0, 1x SATA 3.0, 2x CAN bus, 4x UART as well as an optional onboard Wi-Fi/Bluetooth module with Wi-Fi 802.11 b/g/n and BLE.

Up to 3 displays can be connected via HDMI 2.0 with HDCP 2.2, 2x LVDS and 1x eDP 1.4. For video cameras, the modules support 2 MIPI CSI-2 video inputs. The new NXP i.MX8 based SMARC 2.0 modules come as application-ready super components including U-Boot and complete Board Support Packages for Linux, Yocto and Android.

Versalogic has extended its line of industrial temperature, rugged Mini PCIe expansion products with the “E5”. This new Dual Gbit Ethernet expansion board provides an easy and economical way to add additional Ethernet ports to high-stress embedded computer systems. Unlike similar Mini PCIe boards, the E5 is completely self-contained with on-board magnetic isolation. There is no need for off-board magnetics or special cabling.

The E5’s extremely small form factor format allows it to be added to systems with very little impact to the overall size of the solution. It’s well suited for size and weight optimized applications.

The E5 is customizable, even in low OEM quantities. Customization options include conformal coating, revision locks, custom labeling, customized testing and screening and so on. The E5 is compatible with a variety of popular operating systems such as Linux and Windows.

The E5, part number VL-MPEe-E5E, is in stock at both Versalogic and Digi-Key. OEM quantity pricing starts at $137.

Murata Power Solutions has introduced its DCM20 series of multifunction panel meters. For DC systems, these meters measure DC voltage and current, calculate power up to 96 kW, and display values either manually selected or continuously cycling. The miniature panel-mount product provides an input voltage range of 0.5 VDC to 72 VDC, with 10 mV of resolution. The meter also supports current measurement ranges from 5 A to 1,200 A when used with an external user-supplied resistive shunt. Targeted for use in 12 V, 24 V or 48 V systems, out-of-the-box accuracy of the product is +/-1 % for voltage and +/-2 % for current.

Packaged in a rugged, one-piece polycarbonate housing, with dimensions of 2.1″ x 1.43″ or 53.3 mm x 36.3 mm, the DCM20 fits in ‘0U’ and ‘1U’ racks making it well-suited for laboratory instrumentation as well as industrial and telecom equipment. Threaded mounting studs and caged terminal blocks for application wiring ensure reliable operation in harsh environments.

Applications for the product include, but are not limited to, real-time monitoring and display of DC power in telecom power distribution systems, battery management/backup systems, laboratory instrumentation and alternative energy and marine installations.

The DCM20 features a large (0.36″ / 9.2 mm) bright red display easily readable at 15 feet (5 m), with green or blue displays a future option. A front-panel capacitive touch sensor is incorporated for selection of operating mode, avoiding wear-out issues possible with a membrane or other mechanical switches. Using the touch sensor control, the user may configure the unit to display voltage, current or power, or set the unit to continually cycle between the three measurements.

The unit can be self-powered from the measured voltage or powered separately from an external power supply, which can range from 9 VDC to 72 VDC. When self-powered, the input voltage range that can be measured is 9 VDC to 72 VDC and when externally powered the lowest measurable input voltage extends down to 0.5 V. Current consumption of the DCM20 is generally negligible compared with the measured current, being typically 6 mA at 12 V and only 2 mA at 72 V input.

A DIP switch on the DCM20 allows selection of 16 different full-scale current readings from 5 A to 1,200 A providing compatibility with a wide range of external shunt resistors, available both from Murata and other manufacturers. A fine adjustment potentiometer is also provided to calibrate the unit to compensate for shunt resistor tolerance for improved system measurement accuracy. The external shunt resistor may be placed in either the ‘high’ or the ‘low’ side of the power system, as the DCM20 has a common-mode voltage range of 72 V. A jumper is available to set where the voltage is actually measured, either remotely or at the shunt resistor. In this way, high or low side current sensing is practical and power measurement can exclude losses in wiring and the shunt resistor itself.

Maxim Integrated Products has announced the MAX32558 “DeepCover” family of secure microcontrollers that provide advanced cryptography, secure key storage and tamper detection in a 50% smaller package. As electronic products become smaller and increasingly connected, there is a growing threat to sensitive information and privacy, requiring manufacturers to keep security top of mind when designing their devices. While designers should prevent security breaches at the device level, they often struggle with the tradeoff of enhanced security with minimized board space, as well as the cost of design complexity and meeting time to market goals.

The MAX32558 DeepCover Arm Cortex-M3 flash-based secure microcontroller solves these challenges by delivering strong security in a small footprint while simplifying design integration and speeding time to market. It integrates several security features into a small package, including secure key storage, a secure bootloader, active tamper detection and secure cryptographic engines. It also supports multiple communications channels such as USB, serial peripheral interface (SPI), universal asynchronous receiver-transmitter (UART) and I2C, making it ideal for a wide range of applications. Maxim’s long-standing reputation and experience in payment terminal certifications as well as its established support and technology can help streamline the certification process for customers, reducing the process up to 6 months’ time (rather than the typical 12 to 18 months).

Security features:

Shields sensitive data by providing the most secure key storage available

Compared to a secure authenticator, the MAX32558 provides 30x more general-purpose input/output (GPIO) in the same PCB footprint (4.34 mm x 4.34 mm) wafer-level package (WLP). The closest competitor, meanwhile, offers a device with similar features but in a much larger package (8 mm x 9 mm ball-grid array 121 (BGA121)). The device reduces footprint by embedding a number of security features to address point-of-sale Payment Card Industry (PCI) PIN transaction security (PTS) requirements, as well as several analog interfaces. It provides 512 KB of internal flash and 96 KB of internal SRAM.

Easy design integration is enabled by a complete software framework including real-time operating system (RTOS) integration and code examples in the evaluation kit. Code can be easily ported from one device to another as it shares the same API software library as the rest of the product family. A pre-certified Europay, Mastercard and Visa (EMV)-L1 stack for smartcard interface is provided. Extensive documentation and code is provided for managing the device lifecycle, such as secure firmware signing and device personalization. The MAX32558 is available at Maxim’s website for $3.80 (1,000-up).

Analog Devices has announced the Power by Linear LTC3372, an integrated power management solution for systems that require multiple low voltage outputs generated from an input voltage as high as 60 V. The LTC3372 features a 60 V synchronous buck switching regulator controller followed by four configurable synchronous monolithic buck regulators. This combination provides up to five high efficiency low quiescent current outputs in a single IC, well-suited for automotive, industrial and medical applications.

The LTC3372’s buck controller operates over a 4.5 V to 60 V input voltage range and drives an all N-channel MOSFET power stage. Its output can be programmed to either 3.3 V or 5 V and can generate an output current up to 20 A. The controller output is typically used to feed the four monolithic buck regulators. Each monolithic buck channel can be programmed to regulate an output voltage as low as 0.8 V with a configurable output current up to 4 A. Eight 1 A integrated power stages are programmed by the C1-C3 pins into one of eight unique configurations, from a quad 2 A buck to a dual 4 A buck. This allows only one inductor per channel.

The LTC3372 offers a low IQ solution ideal for battery-powered or automotive applications in which one or more power supply rails are always on. With just the high voltage controller enabled, the device draws 15 µA from a 12 V input supply while regulating the output to 5 V at no load. Each monolithic buck regulator adds only 8 µA of additional IQ per channel enabled. The LTC3372’s monolithic buck switching frequency can be programmed from 1 MHz to 3 MHz and can be synchronized to an external clock while the buck controller switches at 1/6 of this frequency. Additional features include foldback current limiting, soft-start, short-circuit protection and output overvoltage protection.

The LTC3372 is available from stock in a thermally enhanced 48-pin 7 mm × 7 mm QFN package. E and I grades are specified over an operating junction temperature range of –40°C to 125°C, and the H grade features operation from –40°C to 150°C.

Our weekly Circuit Cellar Newsletter will switch its theme each week, so look for these in upcoming weeks:

Analog & Power (9/4): This newsletter content zeros in on the latest developments in analog and power technologies including DC-DC converters, AC-DC converters, power supplies, op amps, batteries and more.

Microcontroller Watch (9/11): This newsletter keeps you up-to-date on the latest microcontroller news. In this section, we examine the microcontrollers along with their associated tools and support products.

Segger has introduced emPack, a complete operating system for IoT devices and embedded systems. It is delivered in source code for all 8-/16-/32-bit microcontrollers and microprocessors. emPack is optimized for high performance and small memory footprint, and easily fits onto typical MCUs without requiring expensive external memory, keeping the cost of the embedded computing system to a minimum.

emPack components are written in plain C and can be compiled by standard ANSI/ISO C compilers. The software package includes embOS, emWin, emFile, embOS/IP, emUSB-Device, emUSB-Host, emModbus, emCompress, emCrypt, emSecure, emSSL, emSSH, and SEGGER’s IoT Toolkit.

All emPack components work seamlessly together and are continuously tested on a variety of microcontrollers from different vendors. According to the company, it is very easy to get started with emPack, and it significantly reduces the time required to deliver a product by using robust and well tested components that simply work.

Another benefit of using emPack as a platform is portability: Switching to a different microcontroller, even with a different core, requires minimal changes. Standardizing on emPack enables you to enhance your products when newer, more powerful processors are introduced, or to target a wider customer base with cost-optimized products using less expensive MCUs.

Because all components work together through well-defined interfaces, existing projects that already have a mandated RTOS can use emPack’s components by simply customizing a small number of OS adaptation functions. emPack has been fully tested with Amazon FreeRTOS and example configurations are available upon request.

Maxim Integrated Products has announced a series of power-management ICs (PMICs) that enable designers to optimize power for automotive advanced driver-assistance systems (ADAS) functions to achieve high performance, small size, efficiency and electrical protection.

ADAS functions, many of which are now mandatory or will be soon, increase vehicle safety and enhance the driving experience. These features include smart braking for collision avoidance, GPS/navigation, adaptive cruise control, lane centering, lane-departure warning, and back-up/surround video. Although these functions receive considerable design attention, managing DC power in electrically harsh vehicle environments is a less-publicized yet critical challenge which involves significant issues of functions, features, performance, efficiency and footprint.

Maxim’s array of application-optimized ICs, which manage DC power, solve the top-level designer pain points for various ADAS functions involving a combination of package size, operating efficiency, quiescent current, electrical protection, and EMI generation.

Ayla Networks has announced new capabilities to its IoT platform that will further simplify the ability to gain business value from IoT. This new Ayla IoT platform release overcomes restrictions on choosing wireless modules to connect to the Ayla IoT cloud and streamlines the creation of enterprise applications that use IoT device data.

A new Ayla portable software agent significantly cuts the time needed to get to market with IoT initiatives, by allowing manufacturers to select essentially any cellular or Wi-Fi module and have it connect easily to the Ayla IoT cloud. For makers of IoT solutions and service providers, the Ayla IoT platform has added new application enablement capabilities that make it faster and easier to build both mobile and web-based enterprise applications that take advantage of IoT data.

To connect to an IoT cloud, devices use an embedded cellular or Wi-Fi module, comprising both a hardware chip and a software agent, that provides wireless cloud connectivity. Until now, IoT software agents had to be built and certified to work with a specific chip and module type, an expensive process that could take a year or more and involve significant certification overhead.

The new Ayla portable agent circumvents this problem by enabling connectivity to the Ayla IoT cloud from any cellular or Wi-Fi module—without the lengthy process of certifying a different software agent for each chip or module variation, and without having to generate source code to port the agent to a chosen module. As a result, IoT solution providers that want to connect to the Ayla IoT cloud are no longer restricted to a list of certified cellular or Wi-Fi modules; instead, they can take a bring-your-own (BYO) approach to IoT modules.

The Ayla portable agent includes source code, reference implementation, a porting guide, and a test suite for both cellular and Wi-Fi solutions. In addition, Ayla Networks can recommend development partners able to perform porting work for enterprises that lack in-house IoT firmware development expertise.

The Ayla Web Software Development Kit (SDK) reduces development cycles for applications that leverage IoT device data in conjunction with an enterprise’s other cloud or data integrations. A new product, the Ayla Web SDK makes it easy for developers to create business applications on top of the Ayla IoT platform. It provides pre-packaged functionality for user management, device monitoring, session management and rule-based access control (RBAC) management.

The Zigbee Alliance has announced a new Certification Program that creates new business opportunities for members, and makes it easy for new entrants to join the growing ecosystem of Certified Products that work with major consumer and commercial IoT platforms. The new program is now open, and permits members — and for the first time, non-members — to quickly adopt, sell, and market Certified Products under their own brand while maintaining those products’ Certified status.

For new entrants to the IoT, or companies looking to fill a gap in their portfolio, this program offers an easy, fast, and affordable avenue to implement Certified Products from Alliance Participant and Promoter member companies, and then market those products under their own brand. Approved products can then carry the Zigbee Certified logo, leveraging the brand recognition and interoperability mark of Zigbee and allowing companies to create products that work with the leading consumer and commercial IoT and smart home platforms, or even create their own from the diverse portfolio of Zigbee Certified Products.

For Zigbee Alliance Participant and Promoter members, this program opens new markets and sales channels by enabling them to offer Certified Products to customers for re-branding and non-functional modification while maintaining those products’ Certified status. Adopter-level members of the Zigbee Alliance are also eligible to receive unlimited Certification Transfers on products from Participant or Promoter companies, and market those products using their own brand.

Industry analysts project Zigbee technology will ship in 3.8 billion (85%) of the 4.5 billion 802.15.4 units predicted to hit the market in 2023. As consumers embrace the smart home, and leading ecosystem providers – such as Amazon, Comcast, Huawei, IKEA, Legrand, Schneider Electric, Signify (formerly Philips Lighting), Somfy, and Samsung SmartThings – continue to create products based on the Zigbee Alliance’s wireless standards, IoT product developers are eager to participate in and build on the network of thousands of Zigbee Alliance Certified products already making meaningful connections between humans and the objects in their environment.

How the Program Works

Participant or Promoter members are now populating the online Certification Transfer Tool with products available for a Certification Transfer. To receive a Certification Transfer, you must be either a Zigbee Alliance Member (in good standing), or be a new company who has never been an Alliance member.

To participate in the program, products for certification transfer must:

Be previously Certified by the Zigbee Alliance (Zigbee 3.0, Zigbee Smart Energy, and Green Power devices)

Be Certified as an “end product”

Be enrolled by a Participant or Promoter Company for certification transfer in the member certification web tool

The new Certification Transfer Program is open now. To share more about the program, the Zigbee Alliance will be holding a public webinar on August 22, 2018 at 7 am to go over the details of the process and the benefits to those who take part in the program. Register here.